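def test_validate_uri(self):
    """Check that validate_uri binds the ``uri`` parameter to the request.

    The request is built with SCRIPT_NAME="/my" and PATH_INFO="/page".
    The test expects both the path-only and the absolute form of that
    target to be accepted, and a ``uri`` carrying a query string to be
    accepted only when the request's QUERY_STRING is the same.
    """
    # failUnless/failIf are unittest aliases that were removed in
    # Python 3.12; assertTrue/assertFalse are the direct equivalents.
    request = make_request(SCRIPT_NAME="/my", PATH_INFO="/page")
    params = dict(
        scheme="SRP-HMAC",
        realm="testrealm",
        username="******",
        nonce="abcdef",
        response="123456",
        ckey="abcdef",
        uri="/my/page",
        cnonce="98765",
        nc="0001",
        algorithm="SRP-1024-SHA1",
    )
    # They should be valid as-is.
    self.assertTrue(validate_uri(request, params))
    # Using full URI still works
    params["uri"] = "http://localhost/my/page"
    self.assertTrue(validate_uri(request, params))
    # Check that query-string is taken into account: a uri naming one
    # query string must not validate for a request that has none, or
    # that has a different one.
    params["uri"] = "http://localhost/my/page?test=one"
    self.assertFalse(validate_uri(request, params))
    request.environ["QUERY_STRING"] = "test=two"
    self.assertFalse(validate_uri(request, params))
    request.environ["QUERY_STRING"] = "test=one"
    self.assertTrue(validate_uri(request, params))
    # The path-only form with the same query string is accepted too.
    params["uri"] = "/my/page?test=one"
    self.assertTrue(validate_uri(request, params))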
def _get_auth_params(self, request):
    """Return validated srp-hmac-auth parameters for the request, or None.

    The raw parameters come from ``_get_unvalidated_auth_params``. They
    are returned as a dict only if every check below passes, in order:

    1. ``validate_parameters`` against ``self.realm``;
    2. ``validate_uri`` against the request;
    3. ``validate_nonce`` against ``self.nonce_manager``.

    None is returned when the parameters are missing or any check
    fails. A failed nonce check additionally sets
    ``request.environ[_ENVKEY_STALE_NONCE]`` so the challenge can report
    the nonce as stale.
    """
    candidate = self._get_unvalidated_auth_params(request)
    if candidate is None:
        return None
    # Structural/realm check first, then make sure the parameters refer
    # to the URI actually being requested. ``and`` keeps the original
    # ordering: the URI check only runs when the parameters are valid.
    acceptable = (
        validate_parameters(candidate, self.realm)
        and validate_uri(request, candidate)
    )
    if not acceptable:
        return None
    if validate_nonce(self.nonce_manager, request, candidate):
        return candidate
    # The nonce was rejected: record that for the challenge.
    # NOTE(review): nothing in this method verifies the ``response``
    # value, so the flag is set for any well-formed request whose nonce
    # fails validation - confirm the challenge code treats it as a hint
    # only, never as evidence that the client was authenticated before.
    request.environ[_ENVKEY_STALE_NONCE] = True
    return None